CyberSource Study: 2011 Online Merchants Made Most Progress Against
Fraud in 13 Years

But study also shows fraudsters taking more per theft;Stealing
$3.4B from online revenues in 2011;Early mCommerce fraud stats
show promise

January 24, 2012 08:00 AM Eastern Standard Time

SAN FRANCISCO, Calif.--(BUSINESS WIRE)--CyberSource, a Visa company (NYSE: V), today announced results of its 13th
annual survey of eCommerce fraud. The overall picture: merchants are
making gains against fraud but the battle continues. The fraud rate by
order (the percentage of orders that turned out to be fraudulent)
dropped from 0.9 percent in 2010 to 0.6 percent in 2011—the lowest in
the 13 year history of the survey. But the cost of combatting fraud
continues to grow. Dollar losses were up, manual review continued to
climb, and merchants reiterated their concern that fraud is becoming
more difficult to detect. 27 percent of respondents said they are
engaged in mobile commerce and initial indicators regarding fraud in
that channel are promising.

“The continued growth in eCommerce is a welcome development for
merchants and the economy overall,” said Andrew Naumann, CyberSource
Senior Business Leader, Fraud Management Solutions. “The bad news is
that fraudsters took in a higher dollar volume, the first such increase
we’ve seen since 2008. Our study shows merchants are working harder than
ever to keep fraud in check, using more tools and reviewing more orders.
Clearly the criminal element is growing more sophisticated.”

Selected findings from the 2011 surveys

Equal or lower perceived risk from mobile commerce: 27 percent of
merchants responding to the survey indicate they have made investments
in true mCommerce channels (accept orders from a mobile app or mobile
optimized browser). Among those tracking fraud rates in this
comparatively new channel, the majority (92 percent) feel fraud is equal
to or lower than that experienced with online orders.

Fraudulent order rate lower, fraudulent order value higher: The
fraud rate by order dropped 33 percent, from 0.9 percent in 2011 to 0.6
percent. On average, merchants say 1 percent of online revenues were
lost to fraud in 2011, a slight increase over last year’s 0.9 percent.
That translates to an estimated 2011 merchant dollar loss of
approximately $3.4 billion.[1] This is the first time
merchants have cited an increase in the fraud rate by revenue since
2004. The lower fraud rate by order, accompanied by higher estimated
revenue loss, means fraudsters are stealing more expensive items --$250
on average vs. $150 on average for a valid order. Looking at fraud rates
by category of merchandise, consumer electronics were the hardest hit by
fraudsters, followed by digital goods. The former are among the most
lucrative for resale, while orders for the latter are typically executed
in real time, allowing little opportunity for further review. The
largest merchants tend to have, year after year, the best results in
fighting fraud, a reflection of those organizations’ use of more fraud
detection tools and human resources.

Merchants holding the line: The mostly flat estimates of fraud
rate by revenue demonstrate merchant success in fighting fraud, but at a
cost – they are using more tools and systems, and reviewing more orders.
In 2011, merchants used an average of 4.9 fraud detection tools to
automatically screen orders, compared to 4.6 the year before. Merchants
with more than $25 million in annual online revenues used about eight
tools in 2011 (vs. 7.4 in 2010). Manual review is an effective but
expensive strategy—typically comprising 52 percent of merchants’ fraud
management budgets. Merchants that engage in manual review (75 percent
of the sample), looked at 27 percent of their orders in 2011, up from 24
percent the prior year. To complete manual screening, merchants reported
review staff accessed an average of 4.2 systems and information sources
in 2011, continuing the upward (more expensive and time-consuming) trend
seen since the 3.7 systems reported in 2009.

Scalability a growing concern: Most merchants (75 percent) say
they foresee no increase in staffing going into 2012. Yet eCommerce
continues to grow steadily, compelling merchants to work even harder to
control their fraud management costs. Merchants in 2011 ultimately
accepted 75 percent of the orders that they manually reviewed, of which
6 percent turned out to be fraudulent—ten times higher than the overall
0.6 percent fraud rate by order. These figures suggest better
pre-screening and more reviewer training are called for.

International orders carry higher risk: Nearly 60 percent of
merchants surveyed accept orders from outside of the U.S. and Canada,
showing growing ease with the international marketplace. However,
merchants are still taking a cautious approach, rejecting 7.3 percent of
international orders (vs. 2.8 percent of orders originating in North
America) – over 2.5 times higher. This prudence is warranted – the
international fraud rate by order was 2.0 percent, over 3 times higher
than the fraud rate by order for North American orders (0.6 percent).
One quarter of respondents said their company had stopped accepting
international orders altogether due to the fraud risk—50 percent of that
group specifically citing Nigeria as a high risk area. Merchants looking
to grow their international sales channel may need to employ additional
tools to detect sophisticated fraud, such as global transaction activity
modeling, website behavior analysis, device fingerprinting, and IP
geolocation.

Survey methodologyand details

The 13th annual CyberSource fraud survey was commissioned by CyberSource
Corporation and executed by Mindwave Research of Austin, Texas. The
survey was fielded September 13 through October 12, 2011, and yielded
response from companies representing a total of $83.8 billion in online
sales—24 percent of the total estimated online market for 2011 (325
qualified and complete responses). The sample was drawn from a database
of companies involved in electronic commerce activities. Incentives to
respondents included a summary of the research.

CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment
management company. Over 390,000 businesses worldwide use CyberSource
and Authorize.Net
brand solutions to process online payments, streamline fraud management,
and simplify payment security. The company is headquartered in San
Francisco and maintains offices throughout the world, with regional
headquarters in Singapore (Asia Pacific); Tokyo (Japan), Miami/Sao Paulo
(Latin America and the Caribbean), and Reading, U.K. (Europe/Middle
East/Africa). CyberSource operates in Europe under agreement with Visa
Europe. For more information, please visit www.cybersource.com.

[1] Based on an estimated eCommerce market size for the U.S.
and Canada of $340 billion, multiplied by the reported online revenue
fraud loss rate of 1.0 percent.